Our services

Sapphire Consulting Group is a data protection consultancy and we offer a full range of data protection compliance services.  We aim to offer practical solutions to your compliance issues.


Our services include:

1. Data Protection Audits and Programmes to Ensure Compliance

An audit involves an in-depth analysis of your current state of compliance with the Data Protection Act 1998 and the new General Data Protection Regulation. We can then produce a fully tailored set of policies and processes for your organisation to ensure that you are compliant.


2.  Training

We offer training in the GDPR and in direct marketing law.

GDPR Training

The GDPR will be enforced as of May 25th, 2018.  With fines of 4% of your annual turnover or €20 million, there is a big risk to your organisation if you have a data breach.  Add in the reputation damage and it becomes even more important that your staff are properly trained.

Our courses will explain the GDPR and how it will impact your organisation.  We will cover topics such as the principles of the GDPR, the rights of the data subject, dealing with subject access requests, the legal basis for processing, reporting breaches, fair processing notices and the international data transfer rules. No prior knowledge of data protection law is required.

We also offer bespoke GDPR training courses, such as GDPR and Employers/HR or GDPR and Recruitment.  Please get in touch to book the of these courses.


Direct Marketing Law Training

Our course on direct marketing will enable you to understand who you can send unsolicited direct marketing to and who you cannot. The law that governs unsolicited direct marketing by electronic means is the Privacy and Electronic Communications Regulation. The course will cover topics such solicited and unsolicited marketing, the soft-opt in exception, consent and B2C and B2B marketing. No prior knowledge is required.



3. Outsourced Data Protection Officer Services

Under the GDPR, there are certain organisations that must appoint a data protection officer (DPO).

For organisations who do not have the requisite knowledge, time or inclination, we can be your DPO.  The duties ofthe DPO are to:

  • To inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws.
  • To monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advise on data protection impact assessments; train staff and conduct internal audits.
  • To be the first point of contact for the Information Commissioners Office and for individuals whose data is processed (employees, customers etc).

With us as your DPO, you can rest assured that you are compliant with the GDPR.



4. Data Protection Support Plans

If you don’t need a DPO but would like on-going support, then our Data Protection Support Plan is for you. You can contact us anytime during office hours to ask for information, advice and guidance. We can advise on a wide variety of topics, such as a new marketing campaign, what to do with a subject access request, when to release information, third party requests and more — anything to do with data protection!

You can rest easy, knowing that you have access to a qualified, experience data protection specialist who is there to advise on any situation.


5. Data Protection Officer Recruitment Services

If you would like to recruit an in-house DPO, we can help you.  It can be difficult to recruit for a position for which you have no expertise but we can write the job description, assess Cvs and sit on your interview panel.  With our help, you can recruit the best candidate for you.




6. Services for Individuals

Under the GDPR, you can make a Subject Access Request (SAR) in order to find out if the organisation holds any personal data on you and what information they hold. You can then request any or all of the information that the organisation holds.  If you don’t know how to make a SAR or don’t have the time to put one together, let us help you.